A fine-grained access control system for XML documents
ACM Transactions on Information and System Security (TISSEC)
Containment and equivalence for an XPath fragment
Proceedings of the twenty-first ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
Executing SQL over encrypted data in the database-service-provider model
Proceedings of the 2002 ACM SIGMOD international conference on Management of data
Securing XML Documents with Author-X
IEEE Internet Computing
Organization based access control
POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
XPath queries on streaming data
Proceedings of the 2003 ACM SIGMOD international conference on Management of data
GnatDb: a small-footprint, secure database system
VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
Client-based access control management for XML documents
VLDB '04 Proceedings of the Thirtieth international conference on Very large data bases - Volume 30
Dynamic authenticated index structures for outsourced databases
Proceedings of the 2006 ACM SIGMOD international conference on Management of data
Dynamic access-control policies on XML encrypted data
ACM Transactions on Information and System Security (TISSEC)
Hi-index | 0.00 |
The erosion of trust put in traditional database servers and in Database Service Providers (DSP), the growing interest for different forms of data dissemination and the concern for protecting children from suspicious Internet content are different factors that lead to move the access control from servers to clients. Due to the intrinsic untrustworthiness of client devices, client-based access control solutions rely on data encryption. The data are kept encrypted at the server and a client is granted access to subparts of them according to the decryption keys in its possession. Several variations of this basic model have been proposed (e.g., [1, 6]) but they have in common to minimize the trust required on the client at the cost of a static way of sharing data. Indeed, whatever the granularity of sharing, the dataset is split in subsets reflecting a current sharing situation, each encrypted with a different key. Once the dataset is encrypted, changes in the access control rules definition may impact the subset boundaries, hence incurring a partial re-encryption of the dataset and a potential redistribution of keys.